$admin_partner->setSecret(generate_secret());
$admin_partner->setAdminSecret(generate_secret());
$admin_partner->save();
// replace admin console config file secret to match
replace_in_file($admin_console_config_file, '/settings.secret(\\s)*=(\\s)*(.+)/', 'settings.secret = ' . $admin_partner->getAdminSecret());
// replace batch partner secrets
$batch_partner = PartnerPeer::retrieveByPK($batch_partner_id);
$batch_partner->setSecret(generate_secret());
$batch_partner->setAdminSecret(generate_secret());
$batch_partner->save();
// replace batch config file secret to match
replace_in_file($batch_config_file, '/secret(\\s)*=(\\s)*(.+)/', 'secret = ' . $batch_partner->getAdminSecret());
// replace batch full status script secret to match
replace_in_file($batch_full_status_file, '/\\$secret(\\s)*=(\\s)*(.+)/', '$secret = \'' . $batch_partner->getAdminSecret() . '\';');
// replace kconf system pages login password
replace_in_file($kconf_file, '/"system_pages_login_password"(\\s)*=>(\\s)*(.+),/', "\"system_pages_login_password\" => '" . generate_secret() . "',");
// change parameter in kconf so secret replacement will not happen again
replace_in_file($kconf_file, '/"replace_passwords"(\\s)*=>(\\s)*(.+),/', "\"replace_passwords\" => false,");
//------------------------------------------------
function replace_in_file($file_name, $regexp, $replace)
{
$file_data = file_get_contents($file_name);
$file_data = preg_replace($regexp, $replace, $file_data);
@file_put_contents($file_name, $file_data);
}
function generate_secret()
{
$secret = md5(str_makerand(5, 10, true, false, true));
return $secret;
}
function str_makerand($minlength, $maxlength, $useupper, $usespecial, $usenumbers)
<?php //echo "Hi, you are here to generate the secret"; require_once "includes/generatesecret.inc"; require_once "includes/session.inc"; echo generate_secret(3, 2); // generate_secret(n,k)
}
if ($password == "") {
$output = "<YealinkIPPhoneInputScreen type=\"number\" password=\"yes\" LockIn=\"no\" destroyOnExit=\"yes\">\n";
$output .= "<Title>" . _("Install startup") . "</Title>\n";
$output .= "<Prompt>" . _("Password") . "</Prompt>\n";
$output .= "<URL>{$XML_SERVER}?extension={$extension}&mobilecid={$mobilecid}&did={$did}&name={$name}</URL>\n";
$output .= "<Parameter>password</Parameter>\n";
$output .= "<Default></Default>\n";
$output .= "</YealinkIPPhoneInputScreen>\n";
output($output);
exit;
}
if ($did == '0') {
$did = "";
}
$nsecret = generate_secret();
$vars = array();
$vars['tech'] = 'sip';
$vars['extension'] = $extension;
$vars['callerid'] = '<' . $extension . '>';
$vars['outboundcid'] = $did;
$vars['mobilecid'] = $mobilecid;
$vars['directdid'] = $did;
$vars['mailbox'] = $extension;
$vars['privacyman'] = '0';
$vars['name'] = isset($name) ? $name : _("New extension");
$vars['password'] = $password;
$vars['groupcid'] = _("Group");
$vars['voicebox_enable'] = '1';
$vars['vmanswer'] = '29';
$vars['vmmessage'] = 'u';
<?php
function generate_secret()
{
$f = fopen('/dev/urandom', 'rb');
$secret1 = fread($f, 32);
$secret2 = fread($f, 32);
fclose($f);
return sha1($secret1) . sha1($secret2);
}
session_start();
if (!isset($_SESSION['secret'])) {
$_SESSION['secret'] = generate_secret();
}
if (!isset($_POST['guess'])) {
echo 'Wanna play lotto? Just try to guess 320 bits.<br/><br/>' . PHP_EOL;
highlight_file(__FILE__);
exit;
}
$guess = $_POST['guess'];
if ($guess === $_SESSION['secret']) {
$flag = (require 'flag.php');
exit('Lucky bastard! You won the flag! ' . $flag);
}
//else...
echo "Wrong! '{$_SESSION['secret']}' != '";
echo htmlspecialchars($guess);
echo "'";
$_SESSION['secret'] = generate_secret();
$admin_partner->setSecret(generate_secret());
$admin_partner->setAdminSecret(generate_secret());
$admin_partner->save();
// replace admin console config file secret to match
replace_in_file($admin_console_config_file, '/settings.secret(\\s)*=(\\s)*(.+)/', 'settings.secret = ' . $admin_partner->getAdminSecret());
// replace batch partner secrets
$batch_partner = PartnerPeer::retrieveByPK($batch_partner_id);
$batch_partner->setSecret(generate_secret());
$batch_partner->setAdminSecret(generate_secret());
$batch_partner->save();
// replace batch config file secret to match
replace_in_file($batch_config_file, '/secret(\\s)*=(\\s)*(.+)/', 'secret = ' . $batch_partner->getAdminSecret());
// replace batch full status script secret to match
replace_in_file($batch_full_status_file, '/\\$secret(\\s)*=(\\s)*(.+)/', '$secret = \'' . $batch_partner->getAdminSecret() . '\';');
// replace kconf system pages login password
replace_in_file($kconf_file, '/system_pages_login_password(\\s)*=(\\s)*(.+)/', "system_pages_login_password = "******"replace_passwords = false");
//------------------------------------------------
function replace_in_file($file_name, $regexp, $replace)
{
$file_data = file_get_contents($file_name);
$file_data = preg_replace($regexp, $replace, $file_data);
@file_put_contents($file_name, $file_data);
}
function generate_secret()
{
$secret = md5(str_makerand(5, 10, true, false, true));
return $secret;
}
function str_makerand($minlength, $maxlength, $useupper, $usespecial, $usenumbers)
